Did Target ignore data breach warnings?

Last fall, cyber thieves stole personal information from 70 million Americans, including 40 million credit card numbers, during the massive data breach of Target customers.

A new report from Bloomberg Businessweek said the attack could have been prevented if Target had reacted to warnings from its own cyber security system.

Bloomberg Businessweek editor Josh Tyrangiel discussed their findings on "CBS This Morning." He told the co-hosts that the warnings came from Target's own $1.6 million security system called FireEye.

"FireEye was actually created by the CIA. It's used by the CIA and military. FireEye ... basically creates a staging server. So if bad guys come in and create evil software, it first hits FireEye before it gets into Target's system," said Tyrangiel. "FireEye sends an alert. Target has employed people in Bangalore to monitor the system."

Ironically, this system is not an industry standard, and most retailers do not have such high-tech fraud detection equipment. Tyrangiel said that once the staff in Bangalore saw an alert from FireEye, they reported it, but the notifications "went without any response."

"We approached Target and asked for specific comments on every aspect of our investigation. They did not respond to that," he said. "There are people in the security industry that speculate the system was new. That maybe people didn't trust it. That it was very complicated. But we do not have an answer on why Target ignored its own alerts."

It wasn't just the system's alerts that were ignored. Tyrangiel said that an important part of FireEye had been disabled.

"Not only did they ignore their own alerts, there's an automated system within FireEye that could have detected and eradicated the malware - the bad software - right then and there," he said. "That feature had been turned off on the system."

Tyrangiel said it appears the company didn't even know their security system had been breached.

"I don't think there's any evidence that they were trying to hide something because frankly the federal government is the one that went to Target two weeks later and said, 'We have information that there is a massive data leak. We can see all the outgoing data on staging servers,'" he said.

Tyrangiel said the impact to Target's business has been "huge." During the holiday shopping period the company was down 46 percent in sales from the year before.

"We're all pretty new to the era of e-tailing and cyber crime, but customers learn pretty fast who's going to take care of their data," he said. "Forty-six percent is a massive, massive number."

  • Shoshana Davis
